how to create an exception for Nirsoft Utilities in Windows Security


  1. Posts : 4
    Windows 10 Ver 1909 Build 18363.836
       #1


    I like to use NirSoft Utilities, including all of the programs run from Sofer's NirLauncher.
    Windows Security killed my ability to run NirLauncher when I ran the first scan after using several utilities launched thereby.
    I don't want to have this problem every time I want to use one of those utilities.

    Does Windows Security have a setting allowing me to create exceptions?

    I have been using NirSoft utilities for years without any problems and believe they are not malware apps.

    If anyone can provide me with any proof to the contrary, I will read it.

    My Windows version # is 1909 (OS Build: 18363.836) up-to-date


  2. Posts : 1,764
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #2

    thesquire08 said:
        Does Windows Security have a setting allowing me to create exceptions?

    Yes... but the route to use it is arcane and not easily discoverable, such is the utter opaqueness of Defender's GUI.

    In Win 10 1909, do this:

    1. Click Start.
    2. Click Settings.
    3. Click Update & Security.
    4. Click Windows Security.
    5. Click Virus & threat protection in right-hand pane.
    6. Scroll down and click Manage settings under Virus & threat protection settings.
    7. Scroll down to Add or remove exclusions under Exclusions.
    8. Add the exclusion you want.

    That was intuitive, wasn't it?

    Alternatively, just use Sordum.org's free, portable Defender Injector to make it so, so much easier and faster.

    (Note that IME Defender sometimes just ignores exclusions... and doesn't keep them when upgrading to a new version... 'cos Windows 10 is just helpful that way...)

    Hope this helps...
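The GUI steps in the post above can also be done from an elevated PowerShell prompt with the Defender cmdlets, which makes it easy to re-check the exclusion after an upgrade. This is an added example, not part of the original post; the folder `C:\Tools\NirSoft` is an assumed location for the NirLauncher package.

```powershell
#Requires -RunAsAdministrator
# Added example: scope a Defender exclusion to one NirSoft folder and verify it.
# $NirSoftDir is an assumed location; change it to where NirLauncher actually lives.
$NirSoftDir = 'C:\Tools\NirSoft'

if (-not (Test-Path -LiteralPath $NirSoftDir -PathType Container)) {
    throw "Folder not found: $NirSoftDir"
}

# Normalise the path so the comparisons below match what Defender stores.
$target = (Resolve-Path -LiteralPath $NirSoftDir).ProviderPath.TrimEnd('\')

# Current exclusion list as an array (empty when no exclusions exist).
$current = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })

if ($current -contains $target) {
    Write-Host "Already excluded: $target"
} else {
    # Add-MpPreference appends; Set-MpPreference would replace the whole list.
    Add-MpPreference -ExclusionPath $target
    Write-Host "Added exclusion: $target"
}

# Re-read the setting. This is the check to repeat after a feature upgrade.
$after = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })
if ($after -notcontains $target) {
    Write-Warning "Exclusion was not stored; check whether exclusions are managed by policy."
}

# Flag exclusions that are broader than a single tool folder.
$tooBroad = $after | Where-Object {
    $_ -match '^[A-Za-z]:\\?$' -or
    $_.TrimEnd('\') -in @($env:USERPROFILE, $env:SystemRoot, $env:ProgramFiles)
}
if ($tooBroad) {
    Write-Warning ("Overly broad exclusions present: " + ($tooBroad -join ', '))
}
```

Excluding the one folder that holds the tools, rather than a drive or profile directory, keeps the rest of the disk under real-time scanning.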


  3. Posts : 6,849
    22H2 64 Bit Pro
       #3

    They're not malware, but if someone has access to your machine and runs some of the utilities like password recovery tools, cache viewers and the like, then they are by definition classed as hacking tools and are blocked.

    Unfortunately I cannot help with Defender as I don't use it and never have.




  5. Posts : 161
    Windows 10
       #5

    Go to your Start Menu > Administrative Tools > Windows Defender with Advanced Security
    You want to go to 'Outbound Rules' as the issue is likely to be a default rule preventing it (possibly) from connecting out.
    Once you've done that you should see a panel towards your right called 'Actions'.

    Find 'New Rule...' and click it. You should now get a smaller window that pops up named 'New Outbound Rule Wizard'.
    You want to allow an outbound rule to be set for a program. Now click the radio button named 'This Program Path:' and now navigate to the program executable. You may have to add several executables in order to allow the program to run properly as it's likely there is more than one executable installed that makes up the software package. You don't NEED to do this but it helps if and when you come across issues with connectivity you then know this is likely the culprit.

    Once you've found the executable click the radio button named 'Allow the connection'. Now you're going to have to choose the profile(s) to which this rule applies. By default in Windows there are three profiles set up which encompass particular network configurations. Public is when you're, like the name suggests, connected to a public network, i.e. public WiFi or generally a network you don't trust. If you just select this, Windows Firewall will allow this program through when you're connected to a public network. Likewise it works the same way with Private and Domain. Domain refers to when you're connected to a network like at work, school or otherwise. Best practice would be to allow them on all profiles to make this rule more expansive. You could be more secure and set the program only to be allowed on Private networks. You could do this with ALL your programs actually for added security but this is another topic altogether.

    Once you've done that, name your rule and add a description. If you don't and you want to return to Windows Firewall you'll probably be lost, especially if you learn how to use Windows Firewall more and start configuring it to block/allow traffic to your own needs. You'll then have several rules and without a name and/or a description you could remove ones you really want believing you're removing the one(s) you don't. So just add something simple, definitely include the program name and maybe for reference why you've added it, i.e. 'Allow rule for NirLauncher' or something like that. This is good housekeeping and shows general competency in all system administration related tasks and it just makes your life easier.

    NirSoft is not malware. I have used their software before although not super recently. That being said firewall doesn't HAVE to block traffic based on it being malware, presuming firewall is the culprit here that is. Usually it is your antivirus/antimalware security suite that will block connections but in many cases these are false positives. Your firewall often requires manual interaction in order to set these rules. In order to prevent issues with ease of use and cause a whole wealth of issues it's not usual for security software to enforce firewall rules by default. When they do it's usually down to intelligence gained by the software through regular syncs with databases containing potential threats that will trigger an automatic rule be applied. But when this happens you usually either have stumbled upon something malicious and/or it's just a false positive. Software for example can move documents around your drive and some antivirus can and will pick this up as a ransomware attack being conducted whereby documents in this scenario are really moved from one place to another where they are on encrypted. Antivirus blocks this attack. Sometimes though, and thankfully, you are the one moving the file and you are not holding yourself for ransom. You can see here then the inevitable miscalculations security software can make. And this is why setting manual rules is better.

    If the program is being blocked I would look at antivirus software. I would see the reports and then create an exception for the software it believes is malicious. Some software does act like malware in that their operation can seem to be malicious compared to software that is not harmful. That's because malware is really no different to trustworthy software from an under-the-hood perspective. The only difference is that malware will do malicious things with the same instructions that innocent and perfectly harmless software would not do. It's like driving a car; some speed and kill people whereas some don't. You don't question the mode of getting from A to B because the mechanics of being propelled by combustion engines is the same across the board. The offender is the driver. It's the same with malware. But security software often doesn't make that connection, because, hey, it's not human and has limited instructions itself to know all there is to all about bad stuff out there in the ether.

    So when this happens and your security software makes mistakes you will have to manually configure it so that it reverts the action it's taken. A good start is firewall but going further I would check antivirus and any other security software you have installed and it's usually these that really get to mangling software so it doesn't operate. Which is a good thing, when it's actually malware!
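The wizard steps in the post above map onto the `New-NetFirewallRule` cmdlet. This is an added example, not the poster's own; the folder path, the executable name `NirLauncher.exe` and the rule-name prefix are assumptions, and it uses the Private-only profile that the post describes as the more restrictive choice.

```powershell
#Requires -RunAsAdministrator
# Added example: one named, described outbound allow rule per executable.
# $NirSoftDir, the file name and the rule-name prefix are assumptions.
$NirSoftDir = 'C:\Tools\NirSoft'
$Prefix     = 'Allow outbound - NirSoft - '

# Only the launcher is selected here; widen the filter to cover more executables.
$programs = Get-ChildItem -LiteralPath $NirSoftDir -Filter 'NirLauncher.exe' -File

foreach ($exe in $programs) {
    $name = $Prefix + $exe.Name

    # Skip if a rule with this display name already exists, so reruns are harmless.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule exists: $name"
        continue
    }

    New-NetFirewallRule `
        -DisplayName $name `
        -Description "Outbound allow for $($exe.FullName); added manually for NirLauncher." `
        -Direction Outbound `
        -Program $exe.FullName `
        -Action Allow `
        -Profile Private | Out-Null
    Write-Host "Created: $name"
}

# List the rules with the program each one is bound to, for later housekeeping.
Get-NetFirewallRule -DisplayName ($Prefix + '*') |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Profile = $_.Profile
            Program = ($_ | Get-NetFirewallApplicationFilter).Program
        }
    }
```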


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd